HIPAA Compliance and Data Protection

Feb 2012

HIPAA Compliance and Data Protection

Posted by Samantha Morris

Patient privacy has become a major topic of concern over the past couple of years. With the majority of patientinformation being transferred over to digital format, to improve the convenience, efficiency and cost of storing the data, organizations expose themselves to risks.

HIPAA CartoonVirtually all healthcare organizations in the United States are affected by HIPAA standards. This act applies to any health care provider, health plan or clearinghouse that electronically maintains or transmits health information pertaining to patients. 

HIPAA was designed to reduce the administrative costs of healthcare, to promote the confidentiality and portability of patient records, to develop standards for consistency in the health care industry, and to provide incentive for electronic communications.  With these standards in place, organizations can better protect their systems and patients can feel confident that their personal medical information will remain private.

Without exception, all healthcare providers and organizations must have data security standards in place according to the Standards for the Security of Electronic Protected Health Information rules (the “Security Rule”) of HIPAA. The Security Rule requires health care providers to put in place certain administrative, physical and technical safeguards for electronic patient data including a Data Backup Plan, a Disaster Recovery Plan, and an Emergency Mode Operation Plan.

HIPAA security standards will also require your organization to appoint someone as the security manager. This person will act as the only designated individual in charge of the security management process and will have access to the data, preventing unauthorized access or corruption.

It is important to choose a data protection solution that ensures all electronic protected health information (EPHI) is fully protected when it is backed up and stored. The most important consideration relates to assurances of data consistency which can be achieved with autonomic healing and integrity checks. The solution should encrypt all information (minimum AES 256 encryption) before transfer to the service providers SSAE 16 certified data facilities.

For healthcare providers and managed service providers – how are you addressing the requirements of HIPAA for you business, patients and customers? How does cloud backup address the requirements of HIPPA compliance? Please comment below to start the conversation. 

Spice IT Email Post

SAS 70 is outdated as of June

SAS 70 is outdated as of June 2011, and replaced by SSAE 16. Still, the audit and report only relates to controls over financial recordkeeping and reporting.

If you want to partner with a HIPAA compliant service provider, you should realize what that means - the service provider needs to make the investment in an independent HIPAA audit by a certified practitioner and be found fully compliant across 54 HIPAA/HITECH citations, 136 audited components and 19 HIPAA standards with the controls stipulated in HIPAA version 1.2.1. (http://www.onlinetech.com/secure-hosting/hipaa-compliant-hosting/resourc...)

Please stop spreading incorrect knowledge and furthering industry confusion. It is misleading to tell healthcare companies it is enough if their service providers have a SAS 70.

Hey Tru, Thanks for your

Hey Tru,

Thanks for your feedback. I'm new to this biz and I do the best that I can when writing these posts. Your comment allows us to start a conversation around the confusion in the industry and properly address it. The sites from which I was doing my research were probably outdated.

Everyone, below is a link to Tru's post for more information about HIPAA compliance. I'm humble enough to admit that I'm a Newb and that I made a mistake.


For more information

Get insights about cloud backup and recovery direct to your inbox every month.
Subscribe to our Newsletter
Stay connected to the latest data protection insights – subscribe to our blog.
Subscribe to our blog
Got questions for one of our recovery specialists?
Need Answers to your Questions?
Print this page
Email this page